| 2017-06-23 13:11:11 |
Seth Forshee |
bug |
|
|
added bug |
| 2017-06-23 13:11:26 |
Seth Forshee |
linux (Ubuntu): importance |
Undecided |
Medium |
|
| 2017-06-23 13:11:26 |
Seth Forshee |
linux (Ubuntu): status |
New |
In Progress |
|
| 2017-06-23 13:11:26 |
Seth Forshee |
linux (Ubuntu): assignee |
|
Seth Forshee (sforshee) |
|
| 2017-06-23 13:11:34 |
Seth Forshee |
nominated for series |
|
Ubuntu Zesty |
|
| 2017-06-23 13:11:34 |
Seth Forshee |
bug task added |
|
linux (Ubuntu Zesty) |
|
| 2017-06-23 13:12:01 |
Seth Forshee |
linux (Ubuntu Zesty): importance |
Undecided |
Medium |
|
| 2017-06-23 13:12:01 |
Seth Forshee |
linux (Ubuntu Zesty): status |
New |
In Progress |
|
| 2017-06-23 13:12:01 |
Seth Forshee |
linux (Ubuntu Zesty): assignee |
|
Seth Forshee (sforshee) |
|
| 2017-06-23 13:36:42 |
Seth Forshee |
description |
aac_send_raw_srb() allocates a variable named reply on the stack and later copies its contents to userspace. However not all branches of the code initializes all fields of reply, representing a possible information leak. The memory should be zeroed out initially to prevent this. |
aac_send_raw_srb() and aac_get_hba_info() both copy the contents of stack variables to userspace when some of this memory may be uninitialized. The memory should be zeroed out initially to prevent this. |
|
| 2017-06-23 14:19:49 |
Seth Forshee |
description |
aac_send_raw_srb() and aac_get_hba_info() both copy the contents of stack variables to userspace when some of this memory may be uninitialized. The memory should be zeroed out initially to prevent this. |
SRU Justification
Impact: Recent aacraid backports introduce potential information leaks, where some stack allocated memory may be copied to userspace without initialization.
Fix: Clear out the affected memory before using it to ensure that none is left uninitialized.
Test Case: None. Code review should be sufficient to validate the changes.
Regression Potential: Negligible. The patch simply memsets some structs to clear them out prior to any other use.
---
aac_send_raw_srb() and aac_get_hba_info() both copy the contents of stack variables to userspace when some of this memory may be uninitialized. The memory should be zeroed out initially to prevent this. |
|
| 2017-06-23 20:40:45 |
Seth Forshee |
linux (Ubuntu): status |
In Progress |
Fix Committed |
|
| 2017-06-29 10:00:20 |
Thadeu Lima de Souza Cascardo |
linux (Ubuntu Zesty): status |
In Progress |
Fix Committed |
|
| 2017-07-10 08:23:45 |
Kleber Sacilotto de Souza |
tags |
|
verification-needed-zesty |
|
| 2017-07-12 12:13:16 |
Launchpad Janitor |
linux (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2017-07-14 09:21:43 |
Kleber Sacilotto de Souza |
tags |
verification-needed-zesty |
verification-done-zesty |
|
| 2017-07-17 11:57:59 |
Launchpad Janitor |
linux (Ubuntu Zesty): status |
Fix Committed |
Fix Released |
|
| 2017-07-17 11:57:59 |
Launchpad Janitor |
cve linked |
|
2014-9900 |
|
| 2017-07-17 11:57:59 |
Launchpad Janitor |
cve linked |
|
2017-1000380 |
|
| 2017-07-17 11:57:59 |
Launchpad Janitor |
cve linked |
|
2017-7346 |
|
| 2017-07-17 11:57:59 |
Launchpad Janitor |
cve linked |
|
2017-9605 |
|
